Am 08.05.2007 um 15:24 schrieb Russ Lavoie:
> For some reason the modsec-auditlog-collector.pl file stopped logging
> all of a sudden. But I am getting alerts in the mod_debug logs,
> but no
> where else... Nothing has changed from yesterday to today, it just
> stopped working.
>
> Is there some alternative solution to logging on the console other
> than
> this external perl script?
I do not know of any, but would appreciate a solution for this, too.
A nice
thing would be a unix- or tcp-socket to listen on that is directly
integrated
into the ModSecurity-module.
This way writing tools that listen on the audit-log would be a little
more
comfortable.
Regards,
Chris

I wanted to forward this to the list. If you are interested in hearing
a bit more about this data, I will be presenting on it in tomorrow's
"Web Security Threat Report" webcast. Webcast info is located here -
http://www.breach.com/webinars.asp.=20
--=20
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache
=20
--------------
Web Security Threat Report Webinar on May 9, 2007 (12 pm EST)
Learn More About the Breach Webinar Series:
http://www.breach.com/webinars.asp
--------------
=20
-----Original Message-----
From: announcements@... [mailto:announcements@...]=20
Sent: Monday, May 07, 2007 6:44 PM
To: websecurity@...
Subject: [WEB SECURITY] WASC Announcement: Distributed Open Proxy
Honeypot Project Data Released
The Web Application Security Consortium (WASC) is pleased to announce
the
inital release of data collected by the Distributed Open Proxy
Honeypot Project. This first release of information is for data
gathered
from January - April, 2007. During this timeframe, we had 7
internationally
placed honeypot sensors deployed and sending their data back to our
central
logging host.
What did we see? Here are some brief highlights -
- SQL Injection Attacks
- Brute Force Attacks
- OS Command Injection
- Web Defacement Attempts
- Google-Abuses (Google-Hacking and Proxying for BannerAd/Click
Fraud)
- Information Leakage
We have created a PDF document here -
http://www.webappsec.org/projects/honeypots/Threat_Report_05072007.pdf
. The attacks are mapped to the WASC Threat Classification categories.
There are some high-level statistics shown, however they are very crude
as
this was not the focus of this phase of the project. We understand that
the
data presented is a bit raw, however we wanted to release this
information
so that the public may have a chance to review it and provide feedback.
Our
initial goal was to identify the types of current attacks that are using
open proxy servers. In our future deployments, we will attempt to
refine
the data analysis processes to extract out trend data and high level
concepts. In the near future, we will be updating both the VMware
honeypot
sensors themselves and will also use a newer version of the centralize
logging host (ModSecurity Console).
We are also planning to release more frequent information in the form of
diary entries on the project webpage as new attacks/trends are
identified.
While the initial deployment was a success, we still need participants
who
are willing to participate by deploying our VMware honeypot sensor on
their
network. If you are interested in participating, please send an email
to
Ryan Barnett at - RCBarnett_@...
URL:
http://www.webappsec.org/projects/honeypots/
Regards,
--=20
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
Distributed Open Proxy Honeypot Project Lead
------------------------------------------------------------------------
----
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:=20
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:=20
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

For some reason the modsec-auditlog-collector.pl file stopped logging
all of a sudden. But I am getting alerts in the mod_debug logs, but no
where else... Nothing has changed from yesterday to today, it just
stopped working.
Is there some alternative solution to logging on the console other than
this external perl script?
Thanks!

Hello, all.
Wehn I set SecUploadKeepFiles On, uploadred filename is changed randomly.
But I would like to preserve file name which uploaded.
(If same file name for example 1.txt, 1.txt, 1.txt.1, 1.txt.2 would be
good....)
Is it impossible?
and is there any planning to provide auto updating core ruleset?
Thanks for your time..
_________________________________________________________________
편리한 웹하드가 최대 1G 까지 무료!
http://im.msn.co.kr/new/function/function_02_11.asp